diff --git a/language/english.php b/language/english.php
index 979f7a3ae..80d7d0715 100644
--- a/language/english.php
+++ b/language/english.php
@@ -1218,6 +1218,16 @@
44 => 'Awaiting Authorization',
45 => 'Active',
46 => 'User Status',
+ 'user_status_desc' => 'An explanation of all possible user statuses:
+
Awaiting Activation - New account awaiting user to login. Email has been sent but not verified. This is only set for a new account and is an automated status (Admins cannot set accounts to this status manually)
+
Awaiting Authorization - New account awaiting moderator approval in the User Submission Queue. When User Submission approved, user will be sent email with password. This is only set for a new account and is an automated status (Admins cannot set accounts to this status manually)
+
Active - This is an Active account.
+
Banned - This Account is banned/disabled. Username is crossed out on the site for any content they have submitted, User cannot login, emails to account is disabled, and profile cannot be viewed by any user except Admins.
+
Locked - This Account is locked. User cannot login, emails to account is disabled, but profile can still be viewed by all.
+
New Email Required - Emails to account is disabled. When user logs in again they must submit new email address and verify before access to rest of the website (under this user account). Status stays the same until email is verified. If "Require User Email" config option true then any users who login (includes remote accounts) that do not have an email address will automatically switch to this status.
+
New Password Required - When the user logs in they must submit a new password before access to rest of website (under this user account). This is only for regular accounts and not remote accounts.
+
+ ',
47 => 'Edit',
48 => 'Show Admin Groups',
49 => 'Admin Group',
diff --git a/language/english_utf-8.php b/language/english_utf-8.php
index 4401441b7..ee98c4306 100644
--- a/language/english_utf-8.php
+++ b/language/english_utf-8.php
@@ -1217,6 +1217,16 @@
44 => 'Awaiting Authorization',
45 => 'Active',
46 => 'User Status',
+ 'user_status_desc' => 'An explanation of all possible user statuses:
+
Awaiting Activation - New account awaiting user to login. Email has been sent but not verified. This is only set for a new account and is an automated status (Admins cannot set accounts to this status manually)
+
Awaiting Authorization - New account awaiting moderator approval in the User Submission Queue. When User Submission approved, user will be sent email with password. This is only set for a new account and is an automated status (Admins cannot set accounts to this status manually)
+
Active - This is an Active account.
+
Banned - This Account is banned/disabled. Username is crossed out on the site for any content they have submitted, User cannot login, emails to account is disabled, and profile cannot be viewed by any user except Admins.
+
Locked - This Account is locked. User cannot login, emails to account is disabled, but profile can still be viewed by all.
+
New Email Required - Emails to account is disabled. When user logs in again they must submit new email address and verify before access to rest of the website (under this user account). Status stays the same until email is verified. If "Require User Email" config option true then any users who login (includes remote accounts) that do not have an email address will automatically switch to this status.
+
New Password Required - When the user logs in they must submit a new password before access to rest of website (under this user account). This is only for regular accounts and not remote accounts.
+
+ ',
47 => 'Edit',
48 => 'Show Admin Groups',
49 => 'Admin Group',
diff --git a/language/japanese_utf-8.php b/language/japanese_utf-8.php
index 91874c195..6adb1ec86 100644
--- a/language/japanese_utf-8.php
+++ b/language/japanese_utf-8.php
@@ -1236,6 +1236,16 @@
44 => '承認が通るのを待機中',
45 => '有効',
46 => 'ユーザーの状態',
+ 'user_status_desc' => 'An explanation of all possible user statuses:
+
Awaiting Activation - New account awaiting user to login. Email has been sent but not verified. This is only set for a new account and is an automated status (Admins cannot set accounts to this status manually)
+
Awaiting Authorization - New account awaiting moderator approval in the User Submission Queue. When User Submission approved, user will be sent email with password. This is only set for a new account and is an automated status (Admins cannot set accounts to this status manually)
+
Active - This is an Active account.
+
Banned - This Account is banned/disabled. Username is crossed out on the site for any content they have submitted, User cannot login, emails to account is disabled, and profile cannot be viewed by any user except Admins.
+
Locked - This Account is locked. User cannot login, emails to account is disabled, but profile can still be viewed by all.
+
New Email Required - Emails to account is disabled. When user logs in again they must submit new email address and verify before access to rest of the website (under this user account). Status stays the same until email is verified. If "Require User Email" config option true then any users who login (includes remote accounts) that do not have an email address will automatically switch to this status.
+
New Password Required - When the user logs in they must submit a new password before access to rest of website (under this user account). This is only for regular accounts and not remote accounts.
+
+ ',
47 => '編集',
48 => '管理者グループを表示',
49 => '管理者グループ',
@@ -1991,7 +2001,7 @@
###############################################################################
# "What's New" Time Strings
-#
+#
# This here determines the order of the sentence "No new articles in 2 hrs"
# order it so it makes sense in your language:
# %i item, "Articles"
@@ -2049,7 +2059,7 @@
###############################################################################
# Admin - Strings
-#
+#
# These are some standard strings used by core functions as well as plugins to
# display administration lists and edit pages
@@ -2740,4 +2750,3 @@
'config_setting_lang_array' => 'それぞれのキーには他と異なるユニークな言語ショートカット(\'en\', \'de\', \'ja\'など)を指定し、対応するフィールドには言語ファイル名から .php を除いたものを指定してください',
'config_setting_lang_array_element_req' => '少なくとも1つキーを指定してください。それぞれのキーには他と異なるユニークな言語ショートカット(\'en\', \'de\', \'ja\'など)を指定し、対応するフィールドには言語ファイル名から .php を除いたものを指定してください'
);
-
diff --git a/public_html/admin/user.php b/public_html/admin/user.php
index c334472f6..dc7a1da16 100644
--- a/public_html/admin/user.php
+++ b/public_html/admin/user.php
@@ -314,10 +314,15 @@ function edituser($uid = 0, $msg = 0)
$user_templates->set_var('user_about', htmlspecialchars($A['about']));
$statusarray = array(
- USER_ACCOUNT_AWAITING_ACTIVATION => $LANG28[43],
USER_ACCOUNT_ACTIVE => $LANG28[45],
);
+ // Only show Awaiting Activation status if user already this status as this is an automated status and should not be set by Admin
+ // Admin should use USER_ACCOUNT_NEW_EMAIL instead
+ if ($A['status'] == USER_ACCOUNT_AWAITING_ACTIVATION && !empty($uid)) {
+ $statusarray[USER_ACCOUNT_AWAITING_ACTIVATION] = $LANG28[43];
+ }
+
$allow_other_statuses = true;
// do not allow to ban yourself or forcing new email or password
if (!empty($uid)) {
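Review bot: Hiding Awaiting Activation from `$statusarray` only restricts what the edit form offers; nothing in this hunk, or in the later one at the Awaiting Authorization check, stops a submitted form from carrying either automated status value. The save handler is outside this diff, so this needs confirming, but it should reject `USER_ACCOUNT_AWAITING_ACTIVATION` and `USER_ACCOUNT_AWAITING_APPROVAL` unless the stored status already equals the submitted one. Both new conditions also read `$A['status']` before testing `$uid`; putting the guard first, as in `if (!empty($uid) && (int) $A['status'] === USER_ACCOUNT_AWAITING_ACTIVATION) {`, avoids reading the status of a user that does not exist yet and makes the comparison strict. edituser() starts and ends outside the hunk.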
@@ -343,7 +348,9 @@ function edituser($uid = 0, $msg = 0)
}
}
- if (($_CONF['usersubmission'] == 1) && !empty($uid)) {
+ // If this status then $_CONF['usersubmission'] == 1 better be true
+ // Only show Awaiting Authorization status if user already this status as this is an automated status and should not be set by Admin
+ if (($A['status'] == USER_ACCOUNT_AWAITING_APPROVAL) && !empty($uid)) {
$statusarray[USER_ACCOUNT_AWAITING_APPROVAL] = $LANG28[44];
}
asort($statusarray);
@@ -362,6 +369,7 @@ function edituser($uid = 0, $msg = 0)
));
$user_templates->set_var('user_status', $statusselect);
$user_templates->set_var('lang_user_status', $LANG28[46]);
+ $user_templates->set_var('lang_user_status_desc', $LANG28['user_status_desc']);
if ($_CONF['custom_registration'] AND function_exists('CUSTOM_userEdit')) {
if (!empty($uid) && ($uid > 1)) {
diff --git a/public_html/docs/english/config.html b/public_html/docs/english/config.html
index 673110a88..99d836248 100644
--- a/public_html/docs/english/config.html
+++ b/public_html/docs/english/config.html
@@ -1178,7 +1178,9 @@
diff --git a/public_html/docs/history b/public_html/docs/history
index afdf70ba7..741c8f838 100644
--- a/public_html/docs/history
+++ b/public_html/docs/history
@@ -10,12 +10,15 @@ For more in-depth explanation of the issues below see: https://github.com/Geeklo
- [Security] [NA] XSS issue with the Plugin Admin interface. (reported by Netsparker.com) [Mystralkk]
- [Security] [NA] Issue with the comment library. (reported by Netsparker.com) [Tom]
+- [Feature] [#1016] Staticpages can now be set individually if they will appear in the search results or not [Tom]
+
- [Improvement] [#1038] Staticpages which use PHP, and the template class with a theme that contains PHP, now will error gracefully for sites using PHP 7 or higher [Mystralkk]
- [Bug] [#1043] Fixed hardcoded table names in upgrade for Geeklog v2.2.1 [Tom]
- [Bug] [#1043] Fixed issue where the install would fail in some cases because it did not know where the system directory was [Tom]
- [Bug] [#1045] Fixed tooltip links for Denim and Denim_three themes [Tom]
- [Bug] [#1044] Fixed searching just articles [Tom]
+- [Bug] [#1046] Fixed Users can only be set to certain statuses by Admins [Tom]
The following items are all current Geeklog API, functions, and/or global variables that are planned to be either required or depreciated by a current Geeklog version. Plugin and Theme developers please take note of these changes in case they affect you.
diff --git a/public_html/docs/japanese/history.html b/public_html/docs/japanese/history.html
index db7140b61..8b9b69059 100644
--- a/public_html/docs/japanese/history.html
+++ b/public_html/docs/japanese/history.html
@@ -31,6 +31,10 @@
March ? 2020 (2.2.1sr1)
[Security] [NA] Issue with the comment library. (reported by Netsparker.com) [Tom]
+
+
[Feature] [#1016] Staticpages can now be set individually if they will appear in the search results or not [Tom]
+
+
[Improvement] [#1038] Staticpages which use PHP, and the template class with a theme that contains PHP, now will error gracefully for sites using PHP 7 or higher [Mystralkk]
@@ -40,6 +44,7 @@
March ? 2020 (2.2.1sr1)
[Bug] [#1043] Fixed issue where the install would fail in some cases because it did not know where the system directory was [Tom]
[Bug] [#1045] Fixed tooltip links for Denim and Denim_three themes [Tom]
[Bug] [#1044] Fixed searching just articles [Tom]
+
[Bug] [#1046] Fixed Users can only be set to certain statuses by Admins [Tom]
The following items are all current Geeklog API, functions, and/or global variables that are planned to be either required or depreciated by a current Geeklog version. Plugin and Theme developers please take note of these changes in case they affect you.
diff --git a/public_html/layout/denim/admin/user/edituser.thtml b/public_html/layout/denim/admin/user/edituser.thtml
index 545427eee..4a853b320 100644
--- a/public_html/layout/denim/admin/user/edituser.thtml
+++ b/public_html/layout/denim/admin/user/edituser.thtml
@@ -42,7 +42,7 @@
{enable_tfa_options}
-
diff --git a/public_html/users.php b/public_html/users.php
index 189551a45..a6e3a16d3 100644
--- a/public_html/users.php
+++ b/public_html/users.php
@@ -1112,6 +1112,9 @@ function USER_tryTwoFactorAuth()
DB_query("UPDATE {$_TABLES['users']} SET emailconfirmid = NULL, emailtoconfirm = NULL WHERE uid = $uid");
COM_redirect($_CONF['site_url'] . '/users.php?msg=503');
+ } else {
+ // Not valid emailconfirmid
+ COM_handle404();
}
} elseif (!empty($_USER['uid']) && ($_USER['uid'] > 1) && ($_USER['status'] == USER_ACCOUNT_NEW_EMAIL)) {
$msg = (int) Geeklog\Input::fRequest('msg', 0);
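Review bot: The new `else` branch turns an unmatched `emailconfirmid` into a 404 but leaves no trace of the failed attempt, so repeated guesses against the confirmation link would not show up in the logs. A line such as `COM_errorLog('Email confirmation failed: emailconfirmid did not match');` before `COM_handle404();` would make that visible without recording the submitted value. The comparison itself and the start of the enclosing `if` are outside the hunk, so whether it is constant-time and whether the ID expires cannot be judged from here.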
diff --git a/system/lib-security.php b/system/lib-security.php
index 2e143549b..e8046ac44 100644
--- a/system/lib-security.php
+++ b/system/lib-security.php
@@ -69,12 +69,12 @@
}
/* Constants for account status */
-define('USER_ACCOUNT_DISABLED', 0); // Account is banned/disabled
-define('USER_ACCOUNT_AWAITING_ACTIVATION', 1); // Account awaiting user to login. Email has been sent
-define('USER_ACCOUNT_AWAITING_APPROVAL', 2); // Account awaiting moderator approval
+define('USER_ACCOUNT_DISABLED', 0); // Account is banned/disabled. Username is crossed out, User cannot login, emails to account is disabled, profile cannot be viewed
+define('USER_ACCOUNT_AWAITING_ACTIVATION', 1); // New Account awaiting user to login. Email has been sent but not verified. This is only set when a new account
+define('USER_ACCOUNT_AWAITING_APPROVAL', 2); // Account awaiting moderator approval in the User Submission Queue. Not for remote accounts. This is only set when a new account
define('USER_ACCOUNT_ACTIVE', 3); // Active account
-define('USER_ACCOUNT_LOCKED', 4); // Account is locked. User cannot login, emails to account is disabled
-define('USER_ACCOUNT_NEW_EMAIL', 5); // Emails to account is disabled. User when login must submit new email address and verify before access to rest of website (under the user account)
+define('USER_ACCOUNT_LOCKED', 4); // Account is locked. User cannot login, emails to account is disabled, profile can still be viewed
+define('USER_ACCOUNT_NEW_EMAIL', 5); // Emails to account is disabled. User when login must submit new email address and verify before access to rest of website (under the user account). Status stays this until email verified
define('USER_ACCOUNT_NEW_PASSWORD', 6); // User when login must submit new password before access to rest of website (under the user account), Only for regular accounts and not remote
/* Constant for Security Token */
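Review bot: The new comments on `USER_ACCOUNT_AWAITING_ACTIVATION` and `USER_ACCOUNT_AWAITING_APPROVAL` stop mid-sentence at "This is only set when a new account". These constants are what the status checks elsewhere in this commit compare against, so I would finish the sentence the way the new language string does, e.g. `// ... This is only set for a new account and is an automated status (Admins cannot set it manually)`.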
diff --git a/system/lib-user.php b/system/lib-user.php
index 8b8290150..217d6c0c3 100644
--- a/system/lib-user.php
+++ b/system/lib-user.php
@@ -1123,7 +1123,8 @@ function USER_showProfile($uid, $preview = false, $msg = 0, $plugin = '')
COM_displayMessageAndAbort(30, '', 403, 'Forbidden');
}
- if ($A['status'] != USER_ACCOUNT_ACTIVE && !SEC_hasRights('user.edit')) {
+ // Profile still viewable under the following user statuses
+ if (($A['status'] != USER_ACCOUNT_ACTIVE && $A['status'] != USER_ACCOUNT_LOCKED && $A['status'] != USER_ACCOUNT_NEW_EMAIL && $A['status'] != USER_ACCOUNT_NEW_PASSWORD) && !SEC_hasRights('user.edit')) {
COM_handle404();
}
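Review bot: The chain of four `!=` tests in the new condition is an allow-list written as negations, which is easy to get wrong when a status is added later. Naming the list keeps the fail-closed behaviour visible: `$viewable = array(USER_ACCOUNT_ACTIVE, USER_ACCOUNT_LOCKED, USER_ACCOUNT_NEW_EMAIL, USER_ACCOUNT_NEW_PASSWORD);` followed by `if (!in_array((int) $A['status'], $viewable, true) && !SEC_hasRights('user.edit')) {`. The comment above it could also say that every other status returns a 404 to users without `user.edit`. USER_showProfile() starts and ends outside the hunk.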
@@ -1607,6 +1608,6 @@ function USER_isBanned($uid = 0)
$A = DB_fetchArray($result, false);
$status = (int) $A['status'];
- return ($status == USER_ACCOUNT_DISABLED) || ($status == USER_ACCOUNT_LOCKED);
+ return ($status == USER_ACCOUNT_DISABLED);
}
}
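Review bot: Dropping `USER_ACCOUNT_LOCKED` from the return value changes the answer for every existing caller of USER_isBanned(), not just the profile page. The status description added in this commit says a locked user cannot log in and receives no email, so any caller that relied on this function to enforce that (callers are not in this diff) needs its own check for `USER_ACCOUNT_LOCKED`. A docblock line such as `Returns true only for USER_ACCOUNT_DISABLED; locked accounts are not reported as banned` would make the narrower contract explicit. The function body starts outside the hunk.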